
Opening firewall for ftp

I'm trying to get my server open so I can ftp to it to put stuff on my web site. I thought ftp only used ports 20 (data) and 21 (control), but I've opened those ports and it still isn't fully functional. I can ftp to it, but when I try to put a file, it just sits there. I have to tell it to accept all packets from my computer to get it to work. I know the FreeBSD firewall is a little different, but if you're good with networking, you should be able to read basic ipfw commands without a tutorial. Here's my set of firewall rules on the computer:

Code:

# Drop the current ruleset before loading this one.
ipfw -f flush
# Loopback traffic is always allowed.
ipfw add pass all from 127.0.0.1 to 127.0.0.1
# Allow new TCP connections ("setup" = SYN only) to ftp-data and ftp control.
ipfw add pass tcp from any to ${ip} 20 setup
ipfw add pass tcp from any to ${ip} 21 setup
[similar lines to open other ports]
# telnet only from the school's subnet.
ipfw add pass tcp from ${subnet} to ${ip} 23 setup
# Refuse every other new inbound TCP connection; everything else falls
# through to the default rule, which is set to accept.
ipfw add deny tcp from any to ${ip} setup

The default is set to accept by the way. ${ip} is set to the machine's ip and ${subnet} is set to the subnet of the whole school.

Re: Opening firewall for ftp

Feztaa: seems you're right, it doesn't.

Kenshi: Looks like your client uses passive mode by default. Strange, but it's the only explanation I could find based on the info I have. In passive mode it's the client that tries to connect to a high number port on the server (which is blocked by the server's firewall). You can quickly test it by telling your client to use active mode.

Re: Opening firewall for ftp

Quote:

Kenshi: Looks like your client uses passive mode by default. Strange, but it's the only explanation I could find based on the info I have. In passive mode it's the client that tries to connect to a high number port on the server (which is blocked by the server's firewall). You can quickly test it by telling your client to use active mode.

It was using passive mode by default. Well if that don't beat all... Case solved. But to make things easier for me, does anyone know how to set the default mode (if you can)? Also, which mode do Windows and Linux clients use by default? If Windows especially doesn't use active mode by default, then the students will never be able to figure out what's wrong.

Re: Opening firewall for ftp

Quote:

It was using passive mode by default. Well if that don't beat all... Case solved. But to make things easier for me, does anyone know how to set the default mode (if you can)? Also, which mode do Windows and Linux clients use by default? If Windows especially doesn't use active mode by default, then the students will never be able to figure out what's wrong.

According to the RFC active is default, IIRC. All clients are standards compliant, buhahahahahahaha

Code:

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via dc0

# Allow all data from my network card and localhost.
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via dc1

# Allow all connections that I initiate.
$fwcmd add allow tcp from any to any out xmit dc0 setup

# Once connections are made, allow them to stay open.
$fwcmd add allow tcp from any to any via dc0 established

# Everyone on the internet is allowed to connect to the following
$fwcmd add allow tcp from any to any 21 setup
$fwcmd add allow tcp from any to any 22 setup
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 5500 setup
$fwcmd add allow tcp from any to any 5800-5810 setup
$fwcmd add allow tcp from any to any 5900-5910 setup

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to any 113 in recv dc0

# Allow outgoing DNS queries ONLY to the specified servers.
$fwcmd add allow udp from any to xxx.xxx.xxx.xxx 53 out xmit dc0
$fwcmd add allow udp from any to xxx.xxx.xxx.xxx 53 out xmit dc0
$fwcmd add allow udp from any to xxx.xxx.xxx.xxx 53 out xmit dc0

# Allow them back in with the answers.
$fwcmd add allow udp from xxx.xxx.xxx.xxx 53 to any in recv dc0
$fwcmd add allow udp from xxx.xxx.xxx.xxx 53 to any in recv dc0
$fwcmd add allow udp from xxx.xxx.xxx.xxx 53 to any in recv dc0
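The passive-mode explanation earlier in the thread, and the fact that neither posted ruleset opens anything but port 20/21 for ftp, can be checked concretely. The following Python script is an added example and is not code from the thread or from FreeBSD: it parses the PORT command and the 227 PASV reply that decide which side opens the data connection (RFC 959 encodes host and port as six comma-separated bytes, port = p1*256 + p2), reports whether the server's inbound firewall must permit it, and emits the extra ipfw "setup" rule a passive server needs for a fixed passive port range. The IP addresses, the PASV reply, the PORT command and the 49152-49199 range are constructed sample values; which ftpd option pins the passive range depends on the daemon and is not shown.

```python
"""Added example, not from the original thread: which side opens the FTP data
connection in active vs passive mode, and what that means for an ipfw ruleset
that only opens ports 20 and 21. All addresses and protocol lines below are
constructed sample values."""
import re

# RFC 959 host/port encoding: h1,h2,h3,h4,p1,p2 -> host h1.h2.h3.h4, port p1*256+p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Return (host, port) from a PORT argument or a 227 PASV reply line."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("byte out of range in %r" % text)
    host = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    return host, port


def data_connection(mode, server_ip, client_ip, line):
    """Describe the data connection for one transfer.

    'active': the client sent a PORT command, so the server connects out from
    port 20 to the client's advertised port; nothing new is needed on the
    server's inbound firewall.
    'passive': the server answered PASV with a 227 reply, so the client
    connects in to the server's advertised high port; the server's inbound
    firewall must allow that port, which a 20/21-only ruleset does not."""
    host, port = parse_hostport(line)
    if mode == "active":
        return {"initiator": "server", "src": (server_ip, 20),
                "dst": (host, port), "server_inbound_rule_needed": False}
    if mode == "passive":
        return {"initiator": "client", "src": (client_ip, None),
                "dst": (host, port), "server_inbound_rule_needed": True}
    raise ValueError("mode must be 'active' or 'passive'")


def passive_ipfw_rules(server_ip, low, high):
    """ipfw 'setup' rules, in the style of the thread's rulesets, that admit
    the control connection and a fixed passive data-port range. The ftpd
    must be configured to hand out ports from the same range (daemon-specific
    option, assumed to exist, not shown here)."""
    if not (0 < low <= high <= 65535):
        raise ValueError("bad port range")
    return [
        "ipfw add pass tcp from any to %s 21 setup" % server_ip,
        "ipfw add pass tcp from any to %s %d-%d setup" % (server_ip, low, high),
    ]


if __name__ == "__main__":
    SERVER, CLIENT = "10.0.0.5", "10.0.0.20"          # constructed addresses
    pasv_reply = "227 Entering Passive Mode (10,0,0,5,195,80)"  # constructed
    port_cmd = "PORT 10,0,0,20,4,1"                            # constructed
    for mode, line in (("passive", pasv_reply), ("active", port_cmd)):
        print(mode, data_connection(mode, SERVER, CLIENT, line))
    for rule in passive_ipfw_rules(SERVER, 49152, 49199):
        print(rule)
```

Opening a fixed passive range is the narrow fix; the workaround in the first post (accept all packets from one client) works only for that client and exposes every listening port on the server to it. Active mode has the mirror-image problem: the client side must accept an inbound connection from the server's port 20, which fails behind NAT or a client firewall, which is why many clients choose passive by default regardless of what the RFC calls the default.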